Basic Linux Security
1. Basic Linux/System Security
2. Physical Security
  • Physical access to machines: whoever can touch the box can boot it from other media or walk off with the disks, so locks come before any software control
  • Switches instead of hubs: a hub repeats every frame to every port, so one sniffer sees everyone's traffic; a switch only sends each frame to its destination port (it raises the bar but is not a substitute for encryption, since ARP spoofing can redirect traffic on a switched segment)
3. Principle of least privilege
  • Fewest accounts necessary
  • Fewest open ports necessary
  • Fewest running applications
4. Root Account
  • Used as little as possible: it is the master key to the building
  • Apps run under their own unprivileged accounts where possible, so a compromised daemon does not hand over the whole host
  • People log in as themselves and use su or, better, sudo for the specific commands that need root, which also leaves an audit trail of who did what
  • http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm
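As an added example (not part of the ISTS/IRIA slides), the sudo approach in concrete form: a sudoers fragment that gives an operator only the commands her job needs, beside the blanket grants that turn sudo back into a shared root password, plus a small check that flags such grants. The user names, command aliases and the fragment itself are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original slides. The fragment below is
# constructed; "alice", "bob" and the aliases are hypothetical.
# Least privilege with sudo: alice gets exactly the commands her job
# needs, bob and the wheel group get the blanket grant the slide argues
# against (any command as root, bob even without a password).
SUDOERS_SAMPLE='# constructed /etc/sudoers.d/ops fragment for the example
Defaults    use_pty, logfile="/var/log/sudo.log"
Cmnd_Alias  SERVICES = /usr/sbin/service httpd *, /usr/sbin/service sshd *
Cmnd_Alias  PATCHING = /usr/bin/apt-get update, /usr/bin/apt-get upgrade
alice   ALL = (root) SERVICES, PATCHING
bob     ALL = (ALL) NOPASSWD: ALL
%wheel  ALL = (ALL) ALL'

# Print every user specification whose command list is simply ALL,
# i.e. a grant of unrestricted root. Reads sudoers text on stdin.
# Defaults and alias definitions are skipped so that a line such as
# "Cmnd_Alias X = ALL" is not reported here; resolving aliases that
# expand to ALL would need a second pass and is left out of this check.
blanket_root_grants() {
    grep -Ev '^[[:space:]]*#' \
    | grep -Ev '^[[:space:]]*$' \
    | grep -Ev '^[[:space:]]*(Defaults|Cmnd_Alias|User_Alias|Host_Alias|Runas_Alias)' \
    | grep -E '(^|[,[:space:]])ALL[[:space:]]*$' || true
}

# On a live host (root is needed to read the files):
#   cat /etc/sudoers /etc/sudoers.d/* | blanket_root_grants
# Always edit with visudo, and syntax-check a fragment before installing it:
#   visudo -cf /etc/sudoers.d/ops
printf '%s\n' "$SUDOERS_SAMPLE" | blanket_root_grants
```

Run against the sample it prints the `bob` and `%wheel` lines and nothing for `alice`; `sudo -l` as each user shows the same picture from the user's side.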
5. Passwords
  • At least 7 characters, mixed case, letters and symbols (length matters more than the symbol mix, which is why the passphrases below are the better rule)
  • Not names or dictionary words
  • Keep private; don't leave them out in the open
  • Change every month to six months, and immediately if a compromise is suspected
  • Passphrases
  • http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
6. Open ports
  • Close all unneeded applications; every listening service is code an attacker can reach without a login
  • "netstat -anp" or "lsof -i" to see what is open and which process owns each socket (on current distributions "ss -lntup")
  • ntsysv or linuxconf to stop services from starting at boot (chkconfig or systemctl disable on later systems)
  • Firewalls apply the same idea to a whole network: block at the boundary what the hosts should not be offering
  • Disable, or at least limit, file sharing (NFS, Samba)
  • http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
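To make the "netstat -anp" step concrete, here is an added example (not from the slides) that reads netstat output and reports the sockets reachable from other hosts: TCP sockets in LISTEN and every UDP socket, bound to anything other than loopback, together with the owning program. The netstat output embedded in it is constructed for the example, with illustrative PIDs.

```shell
#!/bin/sh
# Added example, not from the original slides. The netstat output is
# constructed for the example; PIDs and programs are illustrative.
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      780/sendmail
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      598/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      433/portmap
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED 901/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           433/portmap
udp        0      0 127.0.0.1:53            0.0.0.0:*                           640/named'

# Read "netstat -anp" output on stdin and print "proto port program" for
# every socket that accepts traffic from other hosts: TCP sockets in
# LISTEN state and every UDP socket (UDP rows have no State column),
# skipping anything bound to 127.0.0.0/8. Established connections and
# the unix-socket section are ignored; the program shows as "-" when
# netstat was not run as root.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }               # headers, unix sockets
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }       # only listening TCP
        {
            n = split($4, a, ":")                    # "addr:port"; IPv6 has more colons
            addr = a[1]; port = a[n]
            if (addr ~ /^127\./) next                # loopback only: not exposed
            prog = ($1 ~ /^tcp/) ? $7 : $6           # udp rows lack the State field
            sub(/^[0-9]+\//, "", prog)               # strip "PID/"
            print $1, port, prog
        }'
}

# On a live host:  netstat -anp | exposed_listeners
# (where netstat is gone, "ss -lntup" gives the same facts in a different layout).
printf '%s\n' "$NETSTAT_SAMPLE" | exposed_listeners
```

On the sample this lists sshd, inetd (telnet) and portmap, and leaves out sendmail and named because they only listen on loopback; telnet and portmap are exactly the kind of entries the slide says to shut down.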
7. Plaintext network connections
  • Email (POP, IMAP, SMTP), telnet, web traffic (HTTP): passwords and content cross the wire in the clear
  • Sniffers: anyone on the path, or on the same hub, can read them
  • http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm
8. Encrypted network connections
  • ssh: terminal sessions (in place of telnet and rlogin), file copying (scp), and other TCP connections by forwarding them through the ssh tunnel
  • http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm
  • IPsec: all packets travelling between systems or networks, transparently to the applications (FreeS/WAN) http://www.freeswan.org
  • https for web servers http://httpd.apache.org/related_projects.html
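Turning on ssh is only half the job; the daemon's configuration decides whether root can log in straight over the network and whether passwords are still accepted. As an added example (not from the slides and not OpenSSH's own code), a weak and a hardened sshd_config fragment, both constructed for the example, and a check that reports the weak directives while honouring sshd's rule that the first occurrence of a keyword wins (Match blocks are not modelled; the user names in AllowUsers are hypothetical).

```shell
#!/bin/sh
# Added example, not from the original slides or from OpenSSH.
# Both fragments are constructed for the example. In SSHD_WEAK the
# second PermitRootLogin line is deliberate: sshd keeps the FIRST value
# it sees for a keyword, so the later "no" changes nothing.
SSHD_WEAK='# weak: root logs in straight over the network with a password
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin no'

SSHD_HARDENED='# hardened: people log in as themselves with keys, then sudo
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers alice bob'

# Read an sshd_config on stdin and print the directives that leave the
# host weak: root login permitted in any form, empty passwords allowed,
# or password authentication still enabled (keys should be used instead).
# Keywords are case-insensitive; only the first occurrence counts, as in
# sshd itself. Match blocks are not modelled.
sshd_weak_settings() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        {
            key = tolower($1); val = tolower($2)
            if (key in seen) next
            seen[key] = 1
            if (key == "permitrootlogin"        && val != "no")  print $1, $2
            if (key == "permitemptypasswords"   && val == "yes") print $1, $2
            if (key == "passwordauthentication" && val == "yes") print $1, $2
        }'
}

# On a live host, check the file sshd will actually load and its effective
# values: "sshd -t -f /etc/ssh/sshd_config" (syntax) and "sshd -T" (dump).
printf '%s\n' "$SSHD_WEAK" | sshd_weak_settings
```

The weak fragment yields "PermitRootLogin yes" and "PasswordAuthentication yes"; the hardened one yields nothing. Disabling password authentication assumes every user's public key is already installed, so push keys first and keep one console session open while restarting sshd.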
9. Package updates
  • Available from the Linux distribution vendor
  • Sign up for the vendor's security announcements list
  • Use automated update tools: up2date, Red Carpet (apt, yum or dnf on today's distributions)
  • http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
10. Intrusion Detection System
  • Snort reports on attack packets matched against a regularly updated signature file; stale signatures miss current attacks
  • Install inside the firewall, so it alerts on what actually got through rather than on everything the firewall already drops
  • http://www.snort.org
11. Advanced techniques
  • Audited OS: OpenBSD http://www.openbsd.org
  • Stack-overflow-protected OS: Immunix http://www.immunix.org
  • chroot applications into a minimal directory tree; use capabilities so a daemon keeps only the root privileges it needs (e.g. binding a low port) and drops the rest
  • Virtual machines: VMware and User-Mode Linux (UML) http://www.vmware.com, http://www.user-mode-linux.sourceforge.net
  • Encrypted file system: TCFS http://tcfs.dia.unisa.it
12. Resources
  • Distribution security announcements list
  • ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm
    • Worm characterizations and removal tools
    • Linux and network security papers covering many of today's topics
  • ssh key installer ftp://ftp.stearns.org
  • SANS training http://www.sans.org
  • Bastille Linux (hardening script) http://www.bastille-linux.org


Editor's Notes

  • #2 The Investigative Research for Infrastructure Assurance (IRIA) group is part of the Institute for Security Technology Studies (ISTS) at Dartmouth College. IRIA focuses on electronic crimes that involve or target computer networks, for example, the denial-of-service attacks that shut down Yahoo and other major web sites in February, 2000. Our web site at http://www.ists.dartmouth.edu/IRIA/ has more information about our projects and staff.
  • #9 Both tools provide strong authentication for the host by checking a host key at each connection setup. If the host key changes, loud warnings go out and packets are not allowed to pass. Ssh also authenticates the user making the connection, by means of a password or passphrase.